Easily Provide Secure Access to Webmail for Multiple Sites

Hi, we have a dedicated server running WHM with about 30 cPanel accounts hosting small school websites on a single shared IP address. A lot of the schools just use the built-in cPanel email and webmail for their email handling.

But the default behavior when they try to login to their webmail by going to 'webmail.schooldomain.org' is that it switches to secure access (https), which is good. But because the root certificate for the server is self-signed, and not for their domain, they obviously get browser warnings. And a lot of these users are not particularly tech-saavy, so it really throws them off.

- How would someone typically deal with this situation so that users don't receive a warning when just accessing their webmail?

These are all small non-profits, so giving each a dedicated IP address and SSL certificate JUST for accessing webmail is probably not an option.

Staff Member

You can install a SSL certificate with the hostname of the server for each service via:

"WHM Home » Service Configuration » Manage Service SSL Certificates"

Then, in "WHM Home » Server Configuration » Tweak Settings", under "Redirection", you can enable SSL redirection and ensure "SSL redirect destination" is set to Hostname or SSL Certificate Name. However, note that this redirection does not apply to proxy subdomains such as "webmail.domain.com".

A) So I can get just a standard single-domain SSL certificate assigned to my root hostname (e.g., host.server-domain.com) and it can cover all of the basic services (webmail, cPanel, POP/IMAP email, etc.)??

B) Then I see in Tweak Settings where you set Non-SSL and SSL redirect destinations. Would I do 'Hostname' for both?

However, note that this redirection does not apply to proxy subdomains such as "webmail.domain.com".

Click to expand...

C) So I'm pretty sure all sites on this server have A records for 'webmail.domain.org' and that's probably how most clients have accessed their webmail accounts. Would this certificate only work if clients were to go to either: 'https://www.domain.org/webmail' -or- 'https://host.server-domain.com:2083' ?? Neither is ideal, but if there's no other way to have the 'webmail.domain.org' easily redirect to something that works, I guess we'd have to slowly start 're-training' people on where to go.

Staff Member

1. Yes, you can purchase a single SSL certificate for the hostname and install it for the services in "WHM Home » Service Configuration » Manage Service SSL Certificates".

2. You can use "Hostname" or "SSL Certificate Name", as both would lead to the same destination in this case.

3. The service certificate does not apply to visitors who access the service using the proxy subdomains feature. The proxy subdomains secure URL is going to use the certificate that is installed for the individual domain name with Apache.